CVE-2022-4132 – Memory leak on tls connections
https://notcve.org/view.php?id=CVE-2022-4132
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page). Se encontró una falla en JSS. Una pérdida de memoria en JSS requiere una configuración no estándar, pero es un vector DoS de bajo esfuerzo si se configura de esa manera (presionando repetidamente la página de inicio de sesión). • https://access.redhat.com/security/cve/CVE-2022-4132 https://bugzilla.redhat.com/show_bug.cgi?id=2147372 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2021-4213 – JSS: memory leak in TLS connection leads to OOM
https://notcve.org/view.php?id=CVE-2021-4213
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service. Se ha encontrado un fallo en JSS, que no libera apropiadamente toda la memoria. Con el tiempo, la memoria desperdiciada es acumulada en la memoria del servidor, saturando la RAM del mismo. • https://access.redhat.com/security/cve/CVE-2021-4213 https://bugzilla.redhat.com/show_bug.cgi?id=2042900 https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2 https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448 https://security-tracker.debian.org/tracker/CVE-2021-4213 • CWE-401: Missing Release of Memory after Effective Lifetime •